[moodle.git] / admin / uploadpicture.php

<?php // $Id$

///////////////////////////////////////////////////////////////////////////
//                                                                       //
// Copyright (C) 2007 Inaki Arenaza                                      //
//                                                                       //
// Based on .../admin/uploaduser.php and .../lib/gdlib.php               //
//                                                                       //
// This program is free software; you can redistribute it and/or modify  //
// it under the terms of the GNU General Public License as published by  //
// the Free Software Foundation; either version 2 of the License, or     //
// (at your option) any later version.                                   //
//                                                                       //
// This program is distributed in the hope that it will be useful,       //
// but WITHOUT ANY WARRANTY; without even the implied warranty of        //
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         //
// GNU General Public License for more details:                          //
//                                                                       //
//          http://www.gnu.org/copyleft/gpl.html                         //
//                                                                       //
///////////////////////////////////////////////////////////////////////////

require_once('../config.php');
require_once($CFG->libdir.'/uploadlib.php');
require_once($CFG->libdir.'/adminlib.php');
require_once($CFG->libdir.'/gdlib.php');
require_once('uploadpicture_form.php');

$adminroot = admin_get_root();

admin_externalpage_setup('uploadpictures', $adminroot);

require_login();

require_capability('moodle/site:uploadusers', get_context_instance(CONTEXT_SYSTEM, SITEID));

if (!$site = get_site()) {
    error("Could not find site-level course");
}

if (!$adminuser = get_admin()) {
    error("Could not find site admin");
}

$strfile = get_string('file');
$struser = get_string('user');
$strusersupdated = get_string('usersupdated');
$struploadpictures = get_string('uploadpictures','admin');
$usersupdated = 0;
$userserrors = 0;

$userfields = array (
    0 => 'username',
    1 => 'idnumber',
    2 => 'id' );

$userfield = optional_param('userfield', 0, PARAM_INT);
$overwritepicture = optional_param('overwritepicture', 0, PARAM_BOOL);

/// Print the header
admin_externalpage_print_header();
print_heading_with_help($struploadpictures, 'uploadpictures');

$mform = new admin_uploadpicture_form();
if ($formdata = $mform->get_data()) {
    if (!array_key_exists($userfield, $userfields)) {
        notify(get_string('uploadpicture_baduserfield','admin'));
    } else {
        // Large files are likely to take their time and memory. Let PHP know
        // that we'll take longer, and that the process should be recycled soon
        // to free up memory.
        @set_time_limit(0);
        @raise_memory_limit("192M");
        if (function_exists('apache_child_terminate')) {
            @apache_child_terminate();
        }
        
        // Create a unique temporary directory, to process the zip file
        // contents.
        $zipdir = my_mktempdir($CFG->dataroot.'/temp/', 'usrpic');
        
        if (!$mform->save_files($zipdir)) {
            notify(get_string('uploadpicture_cannotmovezip','admin'));
            @remove_dir($zipdir);
        } else {
            $dstfile = $zipdir.'/'.$mform->get_new_filename();
            if(!unzip_file($dstfile, $zipdir, false)) {
                notify(get_string('uploadpicture_cannotunzip','admin'));
                @remove_dir($zipdir);
            } else {
                // We don't need the zip file any longer, so delete it to make
                // it easier to process the rest of the files inside the directory.
                @unlink($dstfile);
                if(! ($handle = opendir($zipdir))) {
                    notify(get_string('uploadpicture_cannotprocessdir','admin'));
                } else {
                    while (false !== ($item = readdir($handle))) {
                        if($item != '.' && $item != '..' && is_file($zipdir.'/'.$item)) {
                            
                            // Add additional checks on the filenames, as they are user
                            // controlled and we don't want to open any security holes.
                            $path_parts = pathinfo(cleardoubleslashes($item));
                            $basename  = $path_parts['basename'];
                            $extension = $path_parts['extension'];
                            if ($basename != clean_param($basename, PARAM_CLEANFILE)) {
                                // The original picture file name has invalid characters
                                notify(get_string('uploadpicture_invalidfilename', 'admin',
                                                  clean_param($basename, PARAM_CLEANHTML)));
                                continue;
                            }

                            // The picture file name (without extension) must match the
                            // userfield attribute.
                            $uservalue = substr($basename, 0,
                                                strlen($basename) -
                                                strlen($extension) - 1);
                            // userfield names are safe, so don't quote them.
                            if (!($user = get_record('user', $userfields[$userfield],
                                                     addslashes($uservalue)))) {
                                $userserrors++;
                                $a = new Object();
                                $a->userfield = clean_param($userfields[$userfield], PARAM_CLEANHTML);
                                $a->uservalue = clean_param($uservalue, PARAM_CLEANHTML);
                                notify(get_string('uploadpicture_usernotfound', 'admin', $a));
                                continue;
                            }
                            $haspicture = get_field('user', 'picture', 'id', $user->id);
                            if ($haspicture && !$overwritepicture) {
                                notify(get_string('uploadpicture_userskipped', 'admin', $user->username));
                                continue;
                            }
                            if (my_save_profile_image($user->id, $zipdir.'/'.$item)) {
                                set_field('user', 'picture', 1, 'id', $user->id);
                                $usersupdated++;
                                notify(get_string('uploadpicture_userupdated', 'admin', $user->username));
                            } else {
                                $userserrors++;
                                notify(get_string('uploadpicture_cannotsave', 'admin', $user->username));
                            }
                        }
                    }
                }
                closedir($handle);
            
                // Finally remove the temporary directory with all the user images and print some stats.
                remove_dir($zipdir);
                notify(get_string('usersupdated', 'admin') . ": $usersupdated");
                notify(get_string('errors', 'admin') . ": $userserrors");
                echo '<hr />';
            }
        }
    }
}
$mform->display();
admin_externalpage_print_footer();
exit;

// ----------- Internal functions ----------------

function my_mktempdir($dir, $prefix='', $mode=0700) {
    if (substr($dir, -1) != '/') {
        $dir .= '/';
    }

    do {
        $path = $dir.$prefix.mt_rand(0, 9999999);
    } while (!mkdir($path, $mode));

    return $path;
}

function my_save_profile_image($id, $originalfile) {
    $destination = create_profile_image_destination($id, 'user');
    if ($destination === false) {
        return false;
    }

    return process_profile_image($originalfile, $destination);
}

?>
Commit	Line	Data
b352b2e9	1	<?php // $Id$
	2
	3	///////////////////////////////////////////////////////////////////////////
	4	// //
	5	// Copyright (C) 2007 Inaki Arenaza //
	6	// //
	7	// Based on .../admin/uploaduser.php and .../lib/gdlib.php //
	8	// //
	9	// This program is free software; you can redistribute it and/or modify //
	10	// it under the terms of the GNU General Public License as published by //
	11	// the Free Software Foundation; either version 2 of the License, or //
	12	// (at your option) any later version. //
	13	// //
	14	// This program is distributed in the hope that it will be useful, //
	15	// but WITHOUT ANY WARRANTY; without even the implied warranty of //
	16	// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the //
	17	// GNU General Public License for more details: //
	18	// //
	19	// http://www.gnu.org/copyleft/gpl.html //
	20	// //
	21	///////////////////////////////////////////////////////////////////////////
	22
	23	require_once('../config.php');
	24	require_once($CFG->libdir.'/uploadlib.php');
	25	require_once($CFG->libdir.'/adminlib.php');
	26	require_once($CFG->libdir.'/gdlib.php');
	27	require_once('uploadpicture_form.php');
	28
	29	$adminroot = admin_get_root();
	30
	31	admin_externalpage_setup('uploadpictures', $adminroot);
	32
	33	require_login();
	34
	35	require_capability('moodle/site:uploadusers', get_context_instance(CONTEXT_SYSTEM, SITEID));
	36
	37	if (!$site = get_site()) {
	38	error("Could not find site-level course");
	39	}
	40
	41	if (!$adminuser = get_admin()) {
	42	error("Could not find site admin");
	43	}
	44
	45	$strfile = get_string('file');
	46	$struser = get_string('user');
	47	$strusersupdated = get_string('usersupdated');
	48	$struploadpictures = get_string('uploadpictures','admin');
	49	$usersupdated = 0;
	50	$userserrors = 0;
	51
	52	$userfields = array (
	53	0 => 'username',
	54	1 => 'idnumber',
	55	2 => 'id' );
	56
	57	$userfield = optional_param('userfield', 0, PARAM_INT);
	58	$overwritepicture = optional_param('overwritepicture', 0, PARAM_BOOL);
	59
	60	/// Print the header
	61	admin_externalpage_print_header();
	62	print_heading_with_help($struploadpictures, 'uploadpictures');
	63
	64	$mform = new admin_uploadpicture_form();
65	if ($formdata = $mform->get_data()) {
66	if (!array_key_exists($userfield, $userfields)) {
67	notify(get_string('uploadpicture_baduserfield','admin'));
68	} else {
69	// Large files are likely to take their time and memory. Let PHP know
70	// that we'll take longer, and that the process should be recycled soon
71	// to free up memory.
72	@set_time_limit(0);
73	@raise_memory_limit("192M");
74	if (function_exists('apache_child_terminate')) {
75	@apache_child_terminate();
76	}
77
78	// Create a unique temporary directory, to process the zip file
79	// contents.
80	$zipdir = my_mktempdir($CFG->dataroot.'/temp/', 'usrpic');
81
82	if (!$mform->save_files($zipdir)) {
83	notify(get_string('uploadpicture_cannotmovezip','admin'));
84	@remove_dir($zipdir);
85	} else {
86	$dstfile = $zipdir.'/'.$mform->get_new_filename();
87	if(!unzip_file($dstfile, $zipdir, false)) {
88	notify(get_string('uploadpicture_cannotunzip','admin'));
89	@remove_dir($zipdir);
90	} else {
91	// We don't need the zip file any longer, so delete it to make
92	// it easier to process the rest of the files inside the directory.
93	@unlink($dstfile);
94	if(! ($handle = opendir($zipdir))) {
95	notify(get_string('uploadpicture_cannotprocessdir','admin'));
96	} else {
97	while (false !== ($item = readdir($handle))) {
98	if($item != '.' && $item != '..' && is_file($zipdir.'/'.$item)) {
99
100	// Add additional checks on the filenames, as they are user
101	// controlled and we don't want to open any security holes.
102	$path_parts = pathinfo(cleardoubleslashes($item));
103	$basename = $path_parts['basename'];
104	$extension = $path_parts['extension'];
105	if ($basename != clean_param($basename, PARAM_CLEANFILE)) {
106	// The original picture file name has invalid characters
107	notify(get_string('uploadpicture_invalidfilename', 'admin',
108	clean_param($basename, PARAM_CLEANHTML)));
109	continue;
110	}
111
112	// The picture file name (without extension) must match the
113	// userfield attribute.
114	$uservalue = substr($basename, 0,
115	strlen($basename) -
116	strlen($extension) - 1);
117	// userfield names are safe, so don't quote them.
118	if (!($user = get_record('user', $userfields[$userfield],
119	addslashes($uservalue)))) {
120	$userserrors++;
121	$a = new Object();
122	$a->userfield = clean_param($userfields[$userfield], PARAM_CLEANHTML);
123	$a->uservalue = clean_param($uservalue, PARAM_CLEANHTML);
124	notify(get_string('uploadpicture_usernotfound', 'admin', $a));
125	continue;
126	}
127	$haspicture = get_field('user', 'picture', 'id', $user->id);
128	if ($haspicture && !$overwritepicture) {
129	notify(get_string('uploadpicture_userskipped', 'admin', $user->username));
130	continue;
131	}
132	if (my_save_profile_image($user->id, $zipdir.'/'.$item)) {
133	set_field('user', 'picture', 1, 'id', $user->id);
134	$usersupdated++;
135	notify(get_string('uploadpicture_userupdated', 'admin', $user->username));
136	} else {
137	$userserrors++;
138	notify(get_string('uploadpicture_cannotsave', 'admin', $user->username));
139	}
140	}
141	}
142	}
143	closedir($handle);
144
145	// Finally remove the temporary directory with all the user images and print some stats.
146	remove_dir($zipdir);
147	notify(get_string('usersupdated', 'admin') . ": $usersupdated");
148	notify(get_string('errors', 'admin') . ": $userserrors");
149	echo '<hr />';
150	}
151	}
152	}
153	}
154	$mform->display();
155	admin_externalpage_print_footer();
156	exit;
157
158	// ----------- Internal functions ----------------
159
160	function my_mktempdir($dir, $prefix='', $mode=0700) {
161	if (substr($dir, -1) != '/') {
162	$dir .= '/';
163	}
164
165	do {
166	$path = $dir.$prefix.mt_rand(0, 9999999);
167	} while (!mkdir($path, $mode));
168
169	return $path;
170	}
171
172	function my_save_profile_image($id, $originalfile) {
173	$destination = create_profile_image_destination($id, 'user');
174	if ($destination === false) {
175	return false;
176	}
177
178	return process_profile_image($originalfile, $destination);
179	}
180
181	?>